lua-cli 3.5.0-alpha.1 → 3.5.0-alpha.3

package/dist/commands/integrations.js

@@ -0,0 +1,2392 @@
+/**
+ * Integrations Command
+ * Manages third-party integrations via Unified.to
+ *
+ * Core concepts:
+ * - Integration: A supported third-party service (e.g., Linear, Google Calendar)
+ * - Connection: An authenticated link between your agent and a specific integration
+ * - MCP Server: Technical implementation that exposes connection tools to the agent (auto-managed)
+ *
+ * Flow:
+ * 1. User runs `lua integrations connect`
+ * 2. CLI fetches available integrations from Lua API
+ * 3. User authorizes via OAuth or provides API credentials
+ * 4. Connection is established and stored
+ * 5. MCP server is automatically created to expose tools to the agent
+ */
+import http from 'http';
+import { URL } from 'url';
+import open from 'open';
+import { loadApiKey, checkApiKey } from '../services/auth.js';
+import { readSkillConfig } from '../utils/files.js';
+import { withErrorHandling, writeProgress, writeSuccess, writeInfo, writeError } from '../utils/cli.js';
+import { BASE_URLS } from '../config/constants.js';
+import { safePrompt } from '../utils/prompt-handler.js';
+import { validateConfig, validateAgentConfig } from '../utils/dev-helpers.js';
+import DeveloperApi from '../api/developer.api.service.js';
+import UnifiedToApi from '../api/unifiedto.api.service.js';
+import { fetchServersCore, activateServerCore, deactivateServerCore, } from './mcp.js';
+// ─────────────────────────────────────────────────────────────────────────────
+// Configuration
+// ─────────────────────────────────────────────────────────────────────────────
+const UNIFIED_MCP_BASE_URL = 'https://mcp-api.unified.to/mcp';
+const CALLBACK_PORT = 19837; // Random high port for OAuth callback
+const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
+// Webhook trigger configuration
+const AGENT_WEBHOOK_URL = `${BASE_URLS.API}/webhook/unifiedto/data`;
+const DEFAULT_VIRTUAL_WEBHOOK_INTERVAL = 60; // minutes
+// ─────────────────────────────────────────────────────────────────────────────
+// Integration API Functions (via Lua API)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Fetches available (activated) integrations via Lua API
+ */
+async function fetchAvailableIntegrations(unifiedToApi) {
+    const result = await unifiedToApi.getAvailableIntegrations();
+    if (!result.success || !result.data) {
+        throw new Error(`Failed to fetch integrations: ${result.error?.message || 'Unknown error'}`);
+    }
+    return result.data.map((integration) => ({
+        name: integration.name,
+        value: integration.type,
+        categories: integration.categories || [],
+        authSupport: integration.authSupport,
+        oauthConfigured: integration.oauthConfigured,
+        oauthScopes: integration.oauthScopes,
+        tokenFields: integration.tokenFields,
+    }));
+}
+/**
+ * Starts a local HTTP server to receive the OAuth callback
+ * Returns a promise that resolves when the callback is received
+ */
+function startCallbackServer(timeoutMs = 300000) {
+    return new Promise((resolve) => {
+        let resolved = false;
+        const server = http.createServer((req, res) => {
+            if (resolved)
+                return;
+            const reqUrl = new URL(req.url || '/', `http://localhost:${CALLBACK_PORT}`);
+            if (reqUrl.pathname === '/callback') {
+                const connectionId = reqUrl.searchParams.get('id');
+                const error = reqUrl.searchParams.get('error');
+                const integrationType = reqUrl.searchParams.get('type');
+                resolved = true;
+                if (error) {
+                    // Send error page
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end(`
+            <!DOCTYPE html>
+            <html>
+            <head><title>Connection Failed</title></head>
+            <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e;">
+              <div style="text-align: center; color: white;">
+                <h1 style="color: #ff6b6b;">❌ Connection Failed</h1>
+                <p style="color: #ccc;">Error: ${error}</p>
+                <p style="color: #888;">You can close this window and try again.</p>
+              </div>
+            </body>
+            </html>
+          `);
+                    server.close();
+                    resolve({ success: false, error });
+                }
+                else if (connectionId) {
+                    // Send success page
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end(`
+            <!DOCTYPE html>
+            <html>
+            <head><title>Connection Successful</title></head>
+            <body style="font-family: system-ui; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e;">
+              <div style="text-align: center; color: white;">
+                <h1 style="color: #4ade80;">✅ Connection Successful!</h1>
+                <p style="color: #ccc;">Your integration has been connected.</p>
+                <p style="color: #888;">You can close this window and return to the terminal.</p>
+              </div>
+            </body>
+            </html>
+          `);
+                    server.close();
+                    resolve({ success: true, connectionId, integrationType: integrationType || undefined });
+                }
+                else {
+                    res.writeHead(400, { 'Content-Type': 'text/plain' });
+                    res.end('Missing connection ID');
+                }
+            }
+            else {
+                res.writeHead(404, { 'Content-Type': 'text/plain' });
+                res.end('Not found');
+            }
+        });
+        server.listen(CALLBACK_PORT, () => {
+            // Server started
+        });
+        // Timeout after specified time
+        setTimeout(() => {
+            if (!resolved) {
+                resolved = true;
+                server.close();
+                resolve({ success: false, error: 'Timeout waiting for OAuth callback' });
+            }
+        }, timeoutMs);
+    });
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Main Command Entry
+// ─────────────────────────────────────────────────────────────────────────────
+export async function integrationsCommand(action, subaction, cmdObj) {
+    return withErrorHandling(async () => {
+        const config = readSkillConfig();
+        validateConfig(config);
+        validateAgentConfig(config);
+        const agentId = config.agent.agentId;
+        const apiKey = await loadApiKey();
+        if (!apiKey) {
+            console.error("❌ No API key found. Please run 'lua auth configure' to set up your API key.");
+            process.exit(1);
+        }
+        const userData = await checkApiKey(apiKey);
+        writeProgress("✅ Authenticated with Lua");
+        const userId = userData.admin?.userId;
+        if (!userId) {
+            console.error("❌ Failed to get user ID from authentication.");
+            process.exit(1);
+        }
+        const developerApi = new DeveloperApi(BASE_URLS.API, apiKey, agentId);
+        const unifiedToApi = new UnifiedToApi(BASE_URLS.API, apiKey);
+        const context = {
+            agentId,
+            userId,
+            apiKey,
+            developerApi,
+            unifiedToApi,
+        };
+        if (action) {
+            // Pass subaction via cmdObj for webhooks command
+            const enhancedCmdObj = { ...cmdObj, _: subaction ? [subaction] : [] };
+            await executeNonInteractive(context, action, enhancedCmdObj);
+        }
+        else {
+            await interactiveIntegrationsManagement(context);
+        }
+    }, "integrations");
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Non-Interactive Mode
+// ─────────────────────────────────────────────────────────────────────────────
+async function executeNonInteractive(context, action, cmdOptions) {
+    const normalizedAction = action.toLowerCase();
+    // Extract typed options
+    const options = {
+        integration: cmdOptions?.integration,
+        connectionId: cmdOptions?.connectionId,
+        authMethod: cmdOptions?.authMethod,
+        scopes: cmdOptions?.scopes,
+        hideSensitive: cmdOptions?.hideSensitive !== 'false', // Default true, only false if explicitly set
+        // Trigger options
+        triggers: cmdOptions?.triggers,
+        customWebhook: cmdOptions?.customWebhook === true,
+        hookUrl: cmdOptions?.hookUrl,
+    };
+    // Check for JSON output flag
+    const jsonOutput = cmdOptions?.json === true;
+    switch (normalizedAction) {
+        case 'connect':
+            await connectIntegrationFlow(context, options);
+            break;
+        case 'update':
+            if (!options.integration) {
+                console.error("❌ --integration is required for update");
+                console.log("\n💡 Run 'lua integrations list' to see connected integrations");
+                process.exit(1);
+            }
+            await updateConnectionFlow(context, options);
+            break;
+        case 'list':
+            await listConnections(context);
+            break;
+        case 'available':
+            await listAvailableIntegrations(context);
+            break;
+        case 'info':
+            // New command: Show detailed info about an integration type
+            // Integration type can be passed as positional arg (info <type>) or as --integration flag
+            const infoIntegrationType = options.integration || cmdOptions?._?.[0];
+            if (!infoIntegrationType) {
+                console.error("❌ Integration type is required");
+                console.log("\nUsage: lua integrations info <type>");
+                console.log("       lua integrations info <type> --json");
+                process.exit(1);
+            }
+            await showIntegrationInfo(context, infoIntegrationType, jsonOutput);
+            break;
+        case 'disconnect':
+            if (!options.connectionId) {
+                console.error("❌ --connection-id is required for disconnect");
+                console.log("\n💡 Run 'lua integrations list' to see connection IDs");
+                process.exit(1);
+            }
+            await disconnectIntegration(context, options.connectionId);
+            break;
+        case 'webhooks':
+            await webhooksSubcommand(context, cmdOptions);
+            break;
+        case 'mcp':
+            await mcpSubcommand(context, cmdOptions);
+            break;
+        default:
+            console.error(`❌ Invalid action: "${action}"`);
+            showUsage();
+            process.exit(1);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Interactive Mode
+// ─────────────────────────────────────────────────────────────────────────────
+async function interactiveIntegrationsManagement(context) {
+    let continueManaging = true;
+    while (continueManaging) {
+        console.log("\n" + "=".repeat(60));
+        console.log("🔗 Integrations");
+        console.log("=".repeat(60) + "\n");
+        const actionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'action',
+                message: 'What would you like to do?',
+                choices: [
+                    { name: '➕ Connect a new integration', value: 'connect' },
+                    { name: '🔄 Update connection scopes', value: 'update' },
+                    { name: '📋 List connected integrations', value: 'list' },
+                    { name: '🔍 View available integrations', value: 'available' },
+                    { name: '🔔 Manage triggers', value: 'webhooks' },
+                    { name: '🔌 Manage MCP servers', value: 'mcp' },
+                    { name: '🗑️  Disconnect an integration', value: 'disconnect' },
+                    { name: '❌ Exit', value: 'exit' }
+                ]
+            }
+        ]);
+        if (!actionAnswer)
+            return;
+        const { action } = actionAnswer;
+        switch (action) {
+            case 'connect':
+                await connectIntegrationFlow(context);
+                break;
+            case 'update':
+                await updateConnectionFlow(context);
+                break;
+            case 'list':
+                await listConnections(context);
+                break;
+            case 'available':
+                await listAvailableIntegrations(context);
+                break;
+            case 'webhooks':
+                await webhooksInteractiveMenu(context);
+                break;
+            case 'mcp':
+                await mcpManagementFlow(context, {});
+                break;
+            case 'disconnect':
+                await disconnectIntegrationInteractive(context);
+                break;
+            case 'exit':
+                continueManaging = false;
+                console.log("\n👋 Goodbye!\n");
+                break;
+        }
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// List Available Integrations
+// ─────────────────────────────────────────────────────────────────────────────
+async function listAvailableIntegrations(context) {
+    writeProgress("🔄 Fetching available integrations...");
+    try {
+        const integrations = await fetchAvailableIntegrations(context.unifiedToApi);
+        console.log("\n" + "=".repeat(60));
+        console.log("🔌 Available Integrations");
+        console.log("=".repeat(60) + "\n");
+        if (integrations.length === 0) {
+            console.log("ℹ️  No integrations available.");
+            console.log("💡 Contact support to enable integrations for your workspace.\n");
+            return;
+        }
+        // Group by category
+        const byCategory = {};
+        for (const integration of integrations) {
+            const category = integration.categories[0] || 'other';
+            if (!byCategory[category])
+                byCategory[category] = [];
+            byCategory[category].push(integration);
+        }
+        for (const [category, items] of Object.entries(byCategory)) {
+            console.log(`📁 ${category.toUpperCase()}`);
+            items.forEach(i => {
+                const authBadge = i.authSupport === 'oauth' ? '🔐' : i.authSupport === 'token' ? '🔑' : '🔐🔑';
+                console.log(`   ${authBadge} ${i.name} (${i.value})`);
+            });
+            console.log();
+        }
+        console.log("=".repeat(60));
+        console.log(`Total: ${integrations.length} integration(s) available`);
+        console.log("🔐 = OAuth  🔑 = API Key/Token  🔐🔑 = Both\n");
+    }
+    catch (error) {
+        writeError(`❌ Failed to fetch integrations: ${error.message}`);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Integration Info (Non-Interactive Discovery)
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Show detailed information about an integration type
+ * Used for non-interactive discovery of OAuth scopes and webhook events
+ */
+async function showIntegrationInfo(context, integrationType, jsonOutput = false) {
+    try {
+        // Fetch integration details
+        const integrations = await fetchAvailableIntegrations(context.unifiedToApi);
+        const integration = integrations.find(i => i.value === integrationType);
+        if (!integration) {
+            if (jsonOutput) {
+                console.log(JSON.stringify({ error: `Integration not found: ${integrationType}` }));
+            }
+            else {
+                console.error(`❌ Integration not found: ${integrationType}`);
+                console.log('\nAvailable integrations:');
+                integrations.forEach(i => console.log(`  - ${i.value} (${i.name})`));
+            }
+            process.exit(1);
+        }
+        // Fetch available webhook events for this integration
+        let webhookEvents = [];
+        try {
+            const eventsResult = await context.unifiedToApi.getAvailableWebhookEventsByType(integrationType);
+            if (eventsResult.success && eventsResult.data) {
+                webhookEvents = eventsResult.data;
+            }
+        }
+        catch {
+            // Silently ignore if webhook events can't be fetched
+        }
+        if (jsonOutput) {
+            // Output as JSON for scripting
+            const output = {
+                type: integration.value,
+                name: integration.name,
+                categories: integration.categories,
+                authSupport: integration.authSupport,
+                oauthConfigured: integration.oauthConfigured,
+                oauthScopes: integration.oauthScopes || [],
+                tokenFields: integration.tokenFields || [],
+                webhookEvents: webhookEvents.map(e => ({
+                    trigger: `${e.objectType}.${e.event}`,
+                    objectType: e.objectType,
+                    event: e.event,
+                    webhookType: e.webhookType,
+                    friendlyLabel: e.friendlyLabel,
+                    friendlyDescription: e.friendlyDescription,
+                    availableFilters: e.availableFilters,
+                })),
+                webhookDefaults: {
+                    agentWebhookUrl: AGENT_WEBHOOK_URL,
+                    defaultVirtualInterval: DEFAULT_VIRTUAL_WEBHOOK_INTERVAL,
+                },
+            };
+            console.log(JSON.stringify(output, null, 2));
+        }
+        else {
+            // Human-readable output
+            console.log("\n" + "=".repeat(60));
+            console.log(`📋 Integration: ${integration.name}`);
+            console.log("=".repeat(60));
+            console.log(`\n  Type: ${integration.value}`);
+            console.log(`  Categories: ${integration.categories.join(', ')}`);
+            console.log(`  Auth Support: ${integration.authSupport}`);
+            console.log(`  OAuth Configured: ${integration.oauthConfigured ? 'Yes' : 'No'}`);
+            // OAuth Scopes
+            if (integration.oauthScopes && integration.oauthScopes.length > 0) {
+                console.log('\n  OAuth Scopes:');
+                integration.oauthScopes.forEach(s => {
+                    if (s.friendlyLabel) {
+                        console.log(`    - ${s.friendlyLabel} (${s.unifiedScope})`);
+                        if (s.friendlyDescription) {
+                            console.log(`      ${s.friendlyDescription}`);
+                        }
+                    }
+                    else {
+                        console.log(`    - ${s.unifiedScope} → [${s.originalScopes.join(', ')}]`);
+                    }
+                });
+            }
+            // Token Fields
+            if (integration.tokenFields && integration.tokenFields.length > 0) {
+                console.log('\n  Token Fields:');
+                integration.tokenFields.forEach(f => {
+                    console.log(`    - ${f.name}`);
+                    if (f.instructions) {
+                        console.log(`      💡 ${f.instructions}`);
+                    }
+                });
+            }
+            // Webhook Events/Triggers
+            if (webhookEvents.length > 0) {
+                console.log('\n  Available Triggers:');
+                webhookEvents.forEach(e => {
+                    console.log(`    - ${e.objectType}.${e.event} [${e.webhookType}] - ${e.friendlyDescription}`);
+                });
+            }
+            else {
+                console.log('\n  Available Triggers: None');
+            }
+            console.log("\n" + "=".repeat(60));
+            console.log("\n💡 Use with non-interactive commands:");
+            console.log(`   lua integrations connect --integration ${integrationType} --auth-method oauth --scopes all`);
+            if (webhookEvents.length > 0) {
+                const exampleTrigger = `${webhookEvents[0].objectType}.${webhookEvents[0].event}`;
+                console.log(`   lua integrations connect --integration ${integrationType} --triggers ${exampleTrigger}`);
+            }
+            console.log();
+        }
+    }
+    catch (error) {
+        if (jsonOutput) {
+            console.log(JSON.stringify({ error: error.message }));
+        }
+        else {
+            writeError(`❌ Failed to get integration info: ${error.message}`);
+        }
+        process.exit(1);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Connect Flow
+// ─────────────────────────────────────────────────────────────────────────────
+async function connectIntegrationFlow(context, options = {}) {
+    // Step 1: Fetch available integrations and existing connections
+    writeProgress("🔄 Fetching integrations...");
+    let integrations;
+    let existingConnections = [];
+    try {
+        const [integrationsResult, connectionsResult] = await Promise.all([
+            fetchAvailableIntegrations(context.unifiedToApi),
+            context.unifiedToApi.getConnections(context.agentId)
+        ]);
+        integrations = integrationsResult;
+        existingConnections = connectionsResult.success ? connectionsResult.data || [] : [];
+    }
+    catch (error) {
+        writeError(`❌ Failed to fetch integrations: ${error.message}`);
+        return;
+    }
+    if (integrations.length === 0) {
+        writeError("❌ No integrations available.");
+        console.log("💡 Contact support to enable integrations for your workspace.\n");
+        return;
+    }
+    // Filter out integrations that already have a connection (1 connection per integration type)
+    const connectedTypes = new Set(existingConnections.map(c => c.integrationType));
+    const availableIntegrations = integrations.filter(i => !connectedTypes.has(i.value));
+    if (availableIntegrations.length === 0) {
+        writeInfo("All available integrations are already connected.");
+        console.log("💡 Use 'lua integrations update' to change scopes on an existing connection.\n");
+        return;
+    }
+    writeSuccess(`Found ${availableIntegrations.length} integration(s) available to connect`);
+    // Step 2: Select integration (with search/filter support)
+    let selectedIntegration;
+    if (options.integration) {
+        // Check if already connected
+        if (connectedTypes.has(options.integration)) {
+            console.error(`❌ Integration "${options.integration}" is already connected.`);
+            console.log("💡 Use 'lua integrations update --integration " + options.integration + "' to change scopes.\n");
+            process.exit(1);
+        }
+        selectedIntegration = availableIntegrations.find(i => i.value === options.integration);
+        if (!selectedIntegration) {
+            console.error(`❌ Integration "${options.integration}" not found or not available.`);
+            console.log('\nAvailable integrations to connect:');
+            availableIntegrations.forEach(i => console.log(`  - ${i.value} (${i.name})`));
+            process.exit(1);
+        }
+    }
+    else {
+        // Ask if user wants to search or browse all
+        const searchAnswer = await safePrompt([
+            {
+                type: 'input',
+                name: 'searchTerm',
+                message: 'Search integrations (or press Enter to browse all):',
+            }
+        ]);
+        if (!searchAnswer)
+            return;
+        // Filter integrations based on search term
+        let filteredIntegrations = availableIntegrations;
+        if (searchAnswer.searchTerm.trim()) {
+            const searchLower = searchAnswer.searchTerm.toLowerCase().trim();
+            filteredIntegrations = availableIntegrations.filter(i => i.name.toLowerCase().includes(searchLower) ||
+                i.value.toLowerCase().includes(searchLower) ||
+                i.categories.some(c => c.toLowerCase().includes(searchLower)));
+            if (filteredIntegrations.length === 0) {
+                // Check if the search matches an already-connected integration
+                const matchingConnected = existingConnections.filter(c => c.integrationType.toLowerCase().includes(searchLower) ||
+                    (c.integrationName && c.integrationName.toLowerCase().includes(searchLower)));
+                if (matchingConnected.length > 0) {
+                    const connectedName = matchingConnected[0].integrationName || matchingConnected[0].integrationType;
+                    writeInfo(`"${connectedName}" is already connected.`);
+                    console.log(`💡 Use 'lua integrations update' to change scopes.\n`);
+                    return;
+                }
+                writeInfo(`No integrations found matching "${searchAnswer.searchTerm}"`);
+                // Offer to browse all
+                const browseAnswer = await safePrompt([
+                    {
+                        type: 'confirm',
+                        name: 'browseAll',
+                        message: 'Would you like to browse all available integrations?',
+                        default: true
+                    }
+                ]);
+                if (!browseAnswer?.browseAll)
+                    return;
+                filteredIntegrations = availableIntegrations;
+            }
+            else {
+                writeInfo(`Found ${filteredIntegrations.length} integration(s) matching "${searchAnswer.searchTerm}"`);
+            }
+        }
+        const integrationAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'integration',
+                message: 'Select an integration to connect:',
+                pageSize: 15,
+                choices: filteredIntegrations.map(i => {
+                    const authBadge = i.authSupport === 'oauth' ? '🔐' : i.authSupport === 'token' ? '🔑' : '🔐🔑';
+                    return {
+                        name: `${authBadge} ${i.name} (${i.categories.join(', ')})`,
+                        value: i
+                    };
+                })
+            }
+        ]);
+        if (!integrationAnswer)
+            return;
+        selectedIntegration = integrationAnswer.integration;
+    }
+    console.log(`\n📌 Selected: ${selectedIntegration.name}`);
+    console.log(`   Categories: ${selectedIntegration.categories.join(', ')}`);
+    console.log(`   Auth Support: ${selectedIntegration.authSupport}`);
+    console.log(`   OAuth Configured: ${selectedIntegration.oauthConfigured ? 'Yes' : 'No'}`);
+    // Step 3: Determine auth method and get scopes
+    const canUseOAuth = selectedIntegration.oauthConfigured &&
+        ['oauth', 'both'].includes(selectedIntegration.authSupport);
+    const canUseToken = ['token', 'both'].includes(selectedIntegration.authSupport);
+    let authMethod;
+    let selectedScopes = [];
+    // Validate --auth-method if provided
+    if (options.authMethod) {
+        if (!['oauth', 'token'].includes(options.authMethod)) {
+            console.error(`❌ Invalid --auth-method: "${options.authMethod}". Use 'oauth' or 'token'`);
+            process.exit(1);
+        }
+        if (options.authMethod === 'oauth' && !canUseOAuth) {
+            console.error(`❌ OAuth is not available for ${selectedIntegration.name}.`);
+            if (canUseToken) {
+                console.log(`💡 Use --auth-method token instead.`);
+            }
+            process.exit(1);
+        }
+        if (options.authMethod === 'token' && !canUseToken) {
+            console.error(`❌ Token authentication is not available for ${selectedIntegration.name}.`);
+            if (canUseOAuth) {
+                console.log(`💡 Use --auth-method oauth instead.`);
+            }
+            process.exit(1);
+        }
+        authMethod = options.authMethod;
+        writeInfo(`Using ${authMethod === 'oauth' ? 'OAuth 2.0' : 'API Token'} authentication`);
+    }
+    else if (canUseOAuth && canUseToken) {
+        // Both available - let user choose interactively
+        const authAnswer = await safePrompt([{
+                type: 'list',
+                name: 'method',
+                message: 'Choose authentication method:',
+                choices: [
+                    { name: '🔐 OAuth 2.0 (recommended)', value: 'oauth' },
+                    { name: '🔑 API Token / Personal Access Token', value: 'token' }
+                ]
+            }]);
+        if (!authAnswer)
+            return;
+        authMethod = authAnswer.method;
+    }
+    else if (canUseOAuth) {
+        authMethod = 'oauth';
+        writeInfo('Using OAuth 2.0 authentication');
+    }
+    else if (canUseToken) {
+        authMethod = 'token';
+        if (selectedIntegration.authSupport === 'both' && !selectedIntegration.oauthConfigured) {
+            writeInfo('OAuth is not configured - using API Token authentication');
+        }
+    }
+    else {
+        writeError('This integration requires OAuth but it is not configured. Please configure OAuth credentials in the Unified.to dashboard.');
+        return;
+    }
+    // Handle OAuth scope selection
+    if (authMethod === 'oauth' && selectedIntegration.oauthScopes?.length) {
+        const availableScopes = selectedIntegration.oauthScopes.map(s => s.unifiedScope);
+        if (options.scopes) {
+            // Non-interactive: use provided scopes
+            if (options.scopes.toLowerCase() === 'all') {
+                selectedScopes = availableScopes;
+                writeInfo(`Using all ${selectedScopes.length} available scope(s)`);
+            }
+            else {
+                // Parse comma-separated scopes
+                const requestedScopes = options.scopes.split(',').map(s => s.trim());
+                const invalidScopes = requestedScopes.filter(s => !availableScopes.includes(s));
+                if (invalidScopes.length > 0) {
+                    console.error(`❌ Invalid scopes: ${invalidScopes.join(', ')}`);
+                    console.log(`\nAvailable scopes for ${selectedIntegration.name}:`);
+                    availableScopes.forEach(s => console.log(`  - ${s}`));
+                    process.exit(1);
+                }
+                selectedScopes = requestedScopes;
+                writeInfo(`Using ${selectedScopes.length} specified scope(s)`);
+            }
+        }
+        else {
+            // Interactive: prompt for scope selection
+            const scopeAnswer = await safePrompt([{
+                    type: 'checkbox',
+                    name: 'scopes',
+                    message: 'Select OAuth scopes (Space to toggle, Enter to confirm, leave empty for all):',
+                    pageSize: 15,
+                    loop: false,
+                    choices: selectedIntegration.oauthScopes.map(s => {
+                        // Use friendly label if available, otherwise fall back to technical name
+                        const displayName = s.friendlyLabel || s.unifiedScope;
+                        const description = s.friendlyDescription
+                            ? `  (${s.friendlyDescription})`
+                            : `  →  [${s.originalScopes.join(', ')}]`;
+                        return {
+                            name: `${displayName}${description}`,
+                            value: s.unifiedScope,
+                            checked: false
+                        };
+                    })
+                }]);
+            if (!scopeAnswer)
+                return;
+            // If none selected, request all scopes
+            selectedScopes = scopeAnswer.scopes.length > 0
+                ? scopeAnswer.scopes
+                : availableScopes;
+            console.log(`\n✓ Will request ${selectedScopes.length} scope(s)`);
+        }
+    }
+    else if (authMethod === 'oauth') {
+        // OAuth without configurable scopes - Unified.to handles defaults internally
+        if (options.scopes) {
+            writeInfo('Note: This integration does not have configurable scopes');
+        }
+        // selectedScopes stays empty - MCP URL will omit permissions param
+    }
+    // Handle token field display
+    if (authMethod === 'token' && selectedIntegration.tokenFields?.length) {
+        console.log('\n🔑 You will need to provide the following credentials:\n');
+        selectedIntegration.tokenFields.forEach((field, i) => {
+            console.log(`   ${i + 1}. ${field.name}`);
+            if (field.instructions) {
+                console.log(`      💡 ${field.instructions}`);
+            }
+        });
+        console.log('\nYou will enter these on the Unified.to authorization page.\n');
+    }
+    // Determine hide_sensitive setting
+    let hideSensitive = true; // Default to true (hide sensitive data)
+    if (options.hideSensitive !== undefined) {
+        hideSensitive = options.hideSensitive;
+    }
+    else {
+        // Interactive: ask user
+        const sensitiveAnswer = await safePrompt([{
+                type: 'confirm',
+                name: 'hide',
+                message: 'Hide sensitive data from MCP tools? (recommended for security)',
+                default: true
+            }]);
+        if (sensitiveAnswer) {
+            hideSensitive = sensitiveAnswer.hide;
+        }
+    }
+    // Step 4: Select webhook triggers (agent wake-up events)
+    let selectedTriggers = [];
+    let webhookUrl = AGENT_WEBHOOK_URL; // Default: agent trigger mode
+    let isCustomWebhook = false;
+    try {
+        const eventsResult = await context.unifiedToApi.getAvailableWebhookEventsByType(selectedIntegration.value);
+        if (eventsResult.success && eventsResult.data && eventsResult.data.length > 0) {
+            const availableEvents = eventsResult.data;
+            // Determine webhook mode
+            if (options.customWebhook || options.hookUrl) {
+                isCustomWebhook = true;
+                if (options.hookUrl) {
+                    webhookUrl = options.hookUrl;
+                }
+            }
+            if (options.triggers) {
+                // Non-interactive: parse comma-separated triggers (e.g., 'task_task.created,task_task.updated')
+                const requestedTriggers = options.triggers.split(',').map(t => t.trim());
+                for (const trigger of requestedTriggers) {
+                    const [objectType, event] = trigger.split('.');
+                    const matchingEvent = availableEvents.find(e => e.objectType === objectType && e.event === event);
+                    if (!matchingEvent) {
+                        console.error(`❌ Invalid trigger: ${trigger}`);
+                        console.log(`\nAvailable triggers for ${selectedIntegration.name}:`);
+                        availableEvents.forEach(e => {
+                            console.log(`  - ${e.objectType}.${e.event} [${e.webhookType}] - ${e.friendlyDescription}`);
+                        });
+                        process.exit(1);
+                    }
+                    selectedTriggers.push(matchingEvent);
+                }
+                writeInfo(`Selected ${selectedTriggers.length} trigger(s)`);
+                // If custom webhook mode, prompt for URL if not provided
+                if (isCustomWebhook && !options.hookUrl) {
+                    const urlAnswer = await safePrompt([{
+                            type: 'input',
+                            name: 'url',
+                            message: 'Enter your webhook URL:',
+                            validate: (input) => {
+                                try {
+                                    new URL(input);
+                                    return true;
+                                }
+                                catch {
+                                    return 'Please enter a valid URL';
+                                }
+                            }
+                        }]);
+                    if (!urlAnswer)
+                        return;
+                    webhookUrl = urlAnswer.url;
+                }
+            }
+            else {
+                // Interactive: show trigger selection
+                console.log('\n' + '─'.repeat(60));
+                console.log('📡 Webhook Triggers');
+                console.log('─'.repeat(60));
+                console.log('\nSelect events that will wake up your agent:');
+                console.log('(Space to toggle, Enter to confirm. All selected by default.)');
+                const triggerAnswer = await safePrompt([{
+                        type: 'checkbox',
+                        name: 'triggers',
+                        message: 'Select triggers:',
+                        pageSize: 15,
+                        loop: false,
+                        choices: availableEvents.map(e => ({
+                            name: `${e.friendlyDescription} [${e.webhookType}]`,
+                            value: e,
+                            checked: true // Pre-select all by default
+                        }))
+                    }]);
+                if (triggerAnswer && triggerAnswer.triggers.length > 0) {
+                    selectedTriggers = triggerAnswer.triggers;
+                    // Ask about webhook mode only if triggers are selected
+                    const modeAnswer = await safePrompt([{
+                            type: 'list',
+                            name: 'mode',
+                            message: 'How should these events be handled?',
+                            choices: [
+                                { name: '🤖 Agent Trigger (recommended) - Events wake up your agent', value: 'agent' },
+                                { name: '🔗 Custom URL - Send events to your own webhook URL', value: 'custom' }
+                            ]
+                        }]);
+                    if (!modeAnswer)
+                        return;
+                    if (modeAnswer.mode === 'custom') {
+                        isCustomWebhook = true;
+                        const urlAnswer = await safePrompt([{
+                                type: 'input',
+                                name: 'url',
+                                message: 'Enter your webhook URL:',
+                                validate: (input) => {
+                                    try {
+                                        new URL(input);
+                                        return true;
+                                    }
+                                    catch {
+                                        return 'Please enter a valid URL';
+                                    }
+                                }
+                            }]);
+                        if (!urlAnswer)
+                            return;
+                        webhookUrl = urlAnswer.url;
+                    }
+                    console.log(`\n✓ ${selectedTriggers.length} trigger(s) selected`);
+                    if (isCustomWebhook) {
+                        console.log(`  → Events will be sent to: ${webhookUrl}`);
+                    }
+                    else {
+                        console.log(`  → Events will wake up your agent`);
+                    }
+                }
+                else {
+                    console.log(`\n⏭️  No triggers selected - your agent won't be event-driven`);
+                    console.log(`   You can add triggers later with: lua integrations webhooks create`);
+                }
+            }
+        }
+    }
+    catch (error) {
+        // Non-fatal: continue without triggers if we can't fetch events
+        writeInfo(`Note: Could not fetch available triggers (${error.message})`);
+    }
+    // Step 5: Get authorization URL from Lua API
+    writeProgress("🔄 Preparing authorization...");
+    const state = Buffer.from(JSON.stringify({
+        agentId: context.agentId,
+        integration: selectedIntegration.value,
+        authMethod,
+        timestamp: Date.now()
+    })).toString('base64');
+    // Encode both agentId and userId in externalXref for the connection
+    const externalXref = JSON.stringify({
+        agentId: context.agentId,
+        userId: context.userId,
+    });
+    const authUrlResult = await context.unifiedToApi.getAuthUrl(selectedIntegration.value, {
+        successRedirect: CALLBACK_URL,
+        failureRedirect: `${CALLBACK_URL}?error=auth_failed`,
+        scopes: authMethod === 'oauth' ? selectedScopes : undefined,
+        state,
+        externalXref, // Contains both agentId and userId as JSON
+    });
+    if (!authUrlResult.success || !authUrlResult.data) {
+        writeError(`❌ Failed to get authorization URL: ${authUrlResult.error?.message || 'Unknown error'}`);
+        return;
+    }
+    const authUrl = authUrlResult.data.authUrl;
+    // Step 4: Pre-fetch the auth URL to handle redirects
+    let finalAuthUrl = authUrl;
+    try {
+        const response = await fetch(authUrl);
+        const responseText = await response.text();
+        if (responseText.includes('test.html?redirect=')) {
+            const urlMatch = responseText.match(/redirect=([^&\s]+)/);
+            if (urlMatch) {
+                finalAuthUrl = decodeURIComponent(urlMatch[1]);
+            }
+        }
+        else if (responseText.startsWith('https://')) {
+            finalAuthUrl = responseText.trim();
+        }
+    }
+    catch (error) {
+        // Use original auth URL if pre-fetch fails
+    }
+    // Step 5: Start callback server and open browser
+    console.log("\n" + "─".repeat(60));
+    console.log("🌐 Starting OAuth authorization flow...");
+    console.log("─".repeat(60));
+    console.log(`\nIntegration: ${selectedIntegration.name}`);
+    console.log(`\n📋 Authorization URL (copy if browser doesn't open):\n   ${finalAuthUrl}\n`);
+    // Start the callback server
+    const callbackPromise = startCallbackServer(300000); // 5 minute timeout
+    // Auto-open browser
+    try {
+        await open(finalAuthUrl);
+        writeInfo("🌐 Browser opened - please complete the authorization");
+    }
+    catch (error) {
+        writeInfo("💡 Could not open browser automatically. Please open the URL above manually.");
+    }
+    console.log("\n⏳ Waiting for authorization (5 minute timeout)...");
+    console.log("💡 Complete the authorization in your browser.\n");
+    // Wait for callback
+    const result = await callbackPromise;
+    if (result.success && result.connectionId) {
+        writeSuccess("\n✅ Authorization successful!");
+        // Finalize the connection (sets up MCP server internally and creates webhooks)
+        await finalizeConnection(context, selectedIntegration, result.connectionId, selectedScopes, hideSensitive, {
+            triggers: selectedTriggers,
+            webhookUrl,
+            isCustomWebhook,
+        });
+    }
+    else {
+        writeError(`\n❌ Authorization failed: ${result.error || 'Unknown error'}`);
+        console.log("💡 Please try again with 'lua integrations connect'\n");
+    }
+}
+/**
+ * Finalizes a new connection by setting up the MCP server and creating webhooks
+ * The MCP server enables the agent to use tools from this connection
+ * Webhooks enable the agent to be triggered by events from the connection
+ */
+async function finalizeConnection(context, integration, connectionId, scopes, hideSensitive = true, webhookConfig = { triggers: [], webhookUrl: '', isCustomWebhook: false }) {
+    writeProgress(`🔄 Setting up ${integration.name} connection...`);
+    // Build MCP URL
+    let mcpUrl = `${UNIFIED_MCP_BASE_URL}?connection=${connectionId}`;
+    if (hideSensitive) {
+        mcpUrl += '&hide_sensitive=true';
+    }
+    if (scopes.length > 0) {
+        mcpUrl += `&permissions=${scopes.join(',')}`;
+    }
+    // Always defer tools to reduce initial tool loading overhead with LLMs
+    mcpUrl += '&defer_tools=true';
+    // Use simple integration type as name (e.g., 'discord', 'linear')
+    // This makes tool names cleaner: discord_create_message vs unified-discord-abc123_create_message
+    const serverName = integration.value;
+    const mcpServerData = {
+        name: serverName,
+        transport: 'streamable-http',
+        url: mcpUrl,
+        source: 'unifiedto', // Flag for runtime auth injection
+        timeout: 30000,
+    };
+    // ─────────────────────────────────────────────────────────────────────────
+    // Step 1: Set up MCP Server (for tools)
+    // ─────────────────────────────────────────────────────────────────────────
+    let mcpSetupSuccess = false;
+    let isActive = false;
+    let mcpError = null;
+    try {
+        writeProgress(`🔄 Setting up MCP server...`);
+        const result = await context.developerApi.createMCPServer(mcpServerData);
+        if (result.success && result.data) {
+            // Auto-activate the MCP server so the agent can use the connection immediately
+            const activateResult = await context.developerApi.activateMCPServer(result.data.id);
+            isActive = activateResult.success && activateResult.data?.active === true;
+            mcpSetupSuccess = true;
+        }
+        else {
+            mcpError = result.error?.message || 'Unknown error';
+        }
+    }
+    catch (error) {
+        mcpError = error.message || 'Unknown error';
+    }
+    // ─────────────────────────────────────────────────────────────────────────
+    // Step 2: Set up Webhook Triggers (for event-driven agent wake-up)
+    // ─────────────────────────────────────────────────────────────────────────
+    const createdWebhooks = [];
+    const failedWebhooks = [];
+    if (webhookConfig.triggers.length > 0) {
+        writeProgress(`🔄 Setting up ${webhookConfig.triggers.length} trigger(s)...`);
+        for (const trigger of webhookConfig.triggers) {
+            try {
+                // Use per-trigger hookUrl/interval if available, otherwise fall back to defaults
+                const hookUrl = trigger.hookUrl || webhookConfig.webhookUrl || AGENT_WEBHOOK_URL;
+                const interval = trigger.interval ?? (trigger.webhookType === 'virtual' ? DEFAULT_VIRTUAL_WEBHOOK_INTERVAL : undefined);
+                const webhookResult = await context.unifiedToApi.createWebhookSubscription(context.agentId, {
+                    connectionId,
+                    objectType: trigger.objectType,
+                    event: trigger.event,
+                    hookUrl,
+                    interval,
+                });
+                if (webhookResult.success && webhookResult.data) {
+                    createdWebhooks.push(webhookResult.data);
+                }
+                else {
+                    const errorMsg = webhookResult.error?.message || 'Unknown error';
+                    failedWebhooks.push(`${trigger.objectType}.${trigger.event}: ${errorMsg}`);
+                }
+            }
+            catch (error) {
+                const errorMsg = error?.message || 'Unknown error';
+                failedWebhooks.push(`${trigger.objectType}.${trigger.event}: ${errorMsg}`);
+            }
+        }
+    }
+    // ─────────────────────────────────────────────────────────────────────────
+    // Step 3: Display Results
+    // ─────────────────────────────────────────────────────────────────────────
+    console.log("\n" + "─".repeat(60));
+    console.log("🎉 Connection Established!");
+    console.log("─".repeat(60));
+    console.log(`\n  Integration: ${integration.name}`);
+    console.log(`  Connection ID: ${connectionId}`);
+    // MCP Server status
+    console.log(`\n  📦 MCP Server (Tools):`);
+    if (mcpSetupSuccess) {
+        console.log(`    Status: ${isActive ? '🟢 Active' : '🟡 Pending activation'}`);
+        console.log(`    Name: ${serverName}`);
+        console.log(`    Hide Sensitive: ${hideSensitive ? '✅ Yes' : '❌ No'}`);
+    }
+    else {
+        console.log(`    Status: ❌ Failed`);
+        console.log(`    Error: ${mcpError}`);
+    }
+    // Show requested scopes with friendly labels
+    if (scopes.length > 0) {
+        console.log(`\n  🔑 Permissions (${scopes.length}):`);
+        scopes.forEach(scopeName => {
+            const scopeInfo = integration.oauthScopes?.find(s => s.unifiedScope === scopeName);
+            if (scopeInfo?.friendlyLabel) {
+                console.log(`    • ${scopeInfo.friendlyLabel}`);
+            }
+            else {
+                console.log(`    • ${scopeName}`);
+            }
+        });
+    }
+    else {
+        console.log(`\n  🔑 Permissions: Default`);
+    }
+    // Webhook/Triggers status
+    if (webhookConfig.triggers.length > 0) {
+        console.log(`\n  ⚡ Triggers (${createdWebhooks.length}/${webhookConfig.triggers.length}):`);
+        // Compute actual URLs being used (per-trigger hookUrl or default)
+        const actualUrls = webhookConfig.triggers.map(t => t.hookUrl || webhookConfig.webhookUrl || AGENT_WEBHOOK_URL);
+        const uniqueUrls = [...new Set(actualUrls)];
+        const allAgentTriggers = uniqueUrls.every(url => url === AGENT_WEBHOOK_URL);
+        if (allAgentTriggers) {
+            console.log(`    Mode: Agent wake-up`);
+        }
+        else if (uniqueUrls.length === 1) {
+            console.log(`    Mode: Custom webhook`);
+            console.log(`    URL: ${uniqueUrls[0]}`);
+        }
+        else {
+            console.log(`    Mode: Mixed (per-trigger URLs)`);
+        }
+        if (createdWebhooks.length > 0) {
+            createdWebhooks.forEach(wh => {
+                const trigger = webhookConfig.triggers.find(t => t.objectType === wh.objectType && t.event === wh.event);
+                const desc = trigger?.friendlyDescription || `${wh.objectType}.${wh.event}`;
+                console.log(`    ✓ ${desc}`);
+            });
+        }
+        if (failedWebhooks.length > 0) {
+            failedWebhooks.forEach(t => console.log(`    ✗ ${t}`));
+        }
+    }
+    // Summary message
+    console.log("\n" + "─".repeat(60));
+    const capabilities = [];
+    if (mcpSetupSuccess && isActive) {
+        capabilities.push('tools via MCP');
+    }
+    if (createdWebhooks.length > 0) {
+        // Check if any triggers use custom URLs
+        const hasCustomUrls = webhookConfig.triggers.some(t => {
+            const url = t.hookUrl || webhookConfig.webhookUrl || AGENT_WEBHOOK_URL;
+            return url !== AGENT_WEBHOOK_URL;
+        });
+        if (hasCustomUrls) {
+            capabilities.push('webhooks to custom URL');
+        }
+        else {
+            capabilities.push('event-driven triggers');
+        }
+    }
+    if (capabilities.length > 0) {
+        console.log(`✅ ${integration.name} connected! Your agent now has: ${capabilities.join(', ')}`);
+    }
+    else if (mcpSetupSuccess && !isActive) {
+        console.log(`⚠️  Connection created but MCP server pending activation.`);
+        console.log(`   Run: lua mcp activate --server-name ${serverName}`);
+    }
+    else {
+        console.log(`⚠️  Connection created but setup incomplete. Check errors above.`);
+    }
+    console.log();
+}
+async function listConnections(context) {
+    writeProgress("🔄 Loading connections...");
+    try {
+        // Fetch both connections and MCP servers (MCP status is secondary info)
+        const [connectionsResult, serversResult] = await Promise.all([
+            context.unifiedToApi.getConnections(context.agentId),
+            context.developerApi.getMCPServers()
+        ]);
+        const connections = connectionsResult.success ? connectionsResult.data || [] : [];
+        const servers = serversResult.success ? serversResult.data || [] : [];
+        const unifiedServers = servers.filter(s => s.source === 'unifiedto');
+        // Map connection IDs to MCP servers to check tool availability
+        const serverByConnectionId = new Map();
+        for (const server of unifiedServers) {
+            const connectionMatch = server.url?.match(/connection=([a-f0-9]+)/i);
+            if (connectionMatch) {
+                serverByConnectionId.set(connectionMatch[1], server);
+            }
+        }
+        console.log("\n" + "=".repeat(60));
+        console.log("🔗 Connected Integrations");
+        console.log("=".repeat(60) + "\n");
+        if (connections.length === 0) {
+            console.log("ℹ️  No integrations connected yet.");
+            console.log("💡 Run 'lua integrations connect' to connect an integration.\n");
+            return;
+        }
+        for (const connection of connections) {
+            const linkedServer = serverByConnectionId.get(connection.id);
+            const toolsAvailable = linkedServer?.active === true;
+            // Status based on connection health + tool availability
+            let statusIcon = '⚪';
+            let statusText = 'Inactive';
+            if (connection.status === 'unhealthy') {
+                statusIcon = '🔴';
+                statusText = 'Unhealthy - run "lua integrations update" to re-authorize';
+            }
+            else if (connection.status === 'paused') {
+                statusIcon = '⏸️';
+                statusText = 'Paused';
+            }
+            else if (connection.status === 'active' && toolsAvailable) {
+                statusIcon = '🟢';
+                statusText = 'Active';
+            }
+            else if (connection.status === 'active') {
+                statusIcon = '🟡';
+                statusText = 'Connected (MCP pending)';
+            }
+            console.log(`${statusIcon} ${connection.integrationName || connection.integrationType}`);
+            console.log(`   Connection: ${connection.id}`);
+            console.log(`   Status: ${statusText}`);
+            if (linkedServer) {
+                console.log(`   MCP Server: ${linkedServer.name} (${linkedServer.active ? 'active' : 'inactive'})`);
+            }
+            console.log(`   Connected: ${new Date(connection.createdAt).toLocaleDateString()}`);
+            console.log();
+        }
+        console.log("=".repeat(60));
+        console.log(`Total: ${connections.length} integration(s)\n`);
+    }
+    catch (error) {
+        writeError(`❌ Error loading connections: ${error.message}`);
+    }
+}
+async function disconnectIntegration(context, connectionId) {
+    writeProgress(`🔄 Disconnecting... (please wait, do not close this window)`);
+    try {
+        // Clean up associated MCP server (internal implementation detail)
+        const mcpServers = await context.developerApi.getMCPServers();
+        if (mcpServers.success && mcpServers.data) {
+            const associatedServer = mcpServers.data.find(s => s.source === 'unifiedto' && s.url?.includes(`connection=${connectionId}`));
+            if (associatedServer) {
+                await context.developerApi.deleteMCPServer(associatedServer.id);
+            }
+        }
+        // Delete the connection (also deletes webhook subscriptions)
+        const deleteResult = await context.unifiedToApi.deleteConnection(connectionId, context.agentId);
+        if (deleteResult.success) {
+            writeSuccess(`✅ Integration disconnected successfully!`);
+            if (deleteResult.data?.deletedWebhooksCount && deleteResult.data.deletedWebhooksCount > 0) {
+                console.log(`   ✓ Deleted ${deleteResult.data.deletedWebhooksCount} trigger(s)`);
+            }
+            console.log();
+        }
+        else {
+            writeError(`❌ Failed to disconnect: ${deleteResult.error?.message}`);
+        }
+    }
+    catch (error) {
+        writeError(`❌ Error disconnecting: ${error.message}`);
+    }
+}
+async function disconnectIntegrationInteractive(context) {
+    try {
+        const connectionsResult = await context.unifiedToApi.getConnections(context.agentId);
+        if (!connectionsResult.success) {
+            writeError(`❌ Failed to load connections: ${connectionsResult.error?.message}`);
+            return;
+        }
+        const connections = connectionsResult.data || [];
+        if (connections.length === 0) {
+            console.log("\nℹ️  No integrations to disconnect.\n");
+            return;
+        }
+        const connectionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'connection',
+                message: 'Select an integration to disconnect:',
+                choices: connections.map(c => ({
+                    name: `${c.integrationName || c.integrationType} (${c.id.substring(0, 8)}...)`,
+                    value: c.id
+                }))
+            }
+        ]);
+        if (!connectionAnswer?.connection)
+            return;
+        const selectedConnection = connections.find(c => c.id === connectionAnswer.connection);
+        const confirmAnswer = await safePrompt([
+            {
+                type: 'confirm',
+                name: 'confirm',
+                message: `Disconnect ${selectedConnection?.integrationName || selectedConnection?.integrationType}? Your agent will lose access to this integration.`,
+                default: false
+            }
+        ]);
+        if (!confirmAnswer?.confirm) {
+            console.log("\n❌ Cancelled.\n");
+            return;
+        }
+        await disconnectIntegration(context, connectionAnswer.connection);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Update Connection Flow
+// ─────────────────────────────────────────────────────────────────────────────
+async function updateConnectionFlow(context, options = {}) {
+    // Step 1: Fetch existing connections and available integrations
+    writeProgress("🔄 Loading connections...");
+    let connections = [];
+    let integrations = [];
+    try {
+        const [connectionsResult, integrationsResult] = await Promise.all([
+            context.unifiedToApi.getConnections(context.agentId),
+            fetchAvailableIntegrations(context.unifiedToApi)
+        ]);
+        connections = connectionsResult.success ? connectionsResult.data || [] : [];
+        integrations = integrationsResult;
+    }
+    catch (error) {
+        writeError(`❌ Failed to load connections: ${error.message}`);
+        return;
+    }
+    if (connections.length === 0) {
+        writeInfo("No integrations to update.");
+        console.log("💡 Run 'lua integrations connect' to connect an integration.\n");
+        return;
+    }
+    // Step 2: Select connection to update
+    let selectedConnection;
+    let selectedIntegration;
+    if (options.integration) {
+        // Find connection by integration type
+        selectedConnection = connections.find(c => c.integrationType === options.integration);
+        if (!selectedConnection) {
+            console.error(`❌ No connection found for integration "${options.integration}".`);
+            console.log('\nConnected integrations:');
+            connections.forEach(c => console.log(`  - ${c.integrationType} (${c.integrationName || c.integrationType})`));
+            process.exit(1);
+        }
+        selectedIntegration = integrations.find(i => i.value === options.integration);
+    }
+    else {
+        // Interactive selection
+        const connectionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'connection',
+                message: 'Select a connection to update:',
+                choices: connections.map(c => ({
+                    name: `${c.integrationName || c.integrationType} (${c.id.substring(0, 8)}...)`,
+                    value: c
+                }))
+            }
+        ]);
+        if (!connectionAnswer?.connection)
+            return;
+        selectedConnection = connectionAnswer.connection;
+        selectedIntegration = integrations.find(i => i.value === selectedConnection.integrationType);
+    }
+    if (!selectedIntegration) {
+        writeError(`❌ Integration details not found for ${selectedConnection.integrationType}`);
+        return;
+    }
+    console.log(`\n📌 Updating: ${selectedIntegration.name}`);
+    console.log(`   Current Connection ID: ${selectedConnection.id}`);
+    // Step 3: Check if OAuth with configurable scopes
+    const canUseOAuth = selectedIntegration.oauthConfigured &&
+        ['oauth', 'both'].includes(selectedIntegration.authSupport);
+    if (!canUseOAuth || !selectedIntegration.oauthScopes?.length) {
+        writeInfo("This integration does not have configurable scopes.");
+        console.log("💡 To reconnect with different credentials, disconnect and connect again.\n");
+        return;
+    }
+    // Step 4: Select new scopes
+    const availableScopes = selectedIntegration.oauthScopes.map(s => s.unifiedScope);
+    let selectedScopes = [];
+    if (options.scopes) {
+        // Non-interactive: use provided scopes
+        if (options.scopes.toLowerCase() === 'all') {
+            selectedScopes = availableScopes;
+            writeInfo(`Using all ${selectedScopes.length} available scope(s)`);
+        }
+        else {
+            const requestedScopes = options.scopes.split(',').map(s => s.trim());
+            const invalidScopes = requestedScopes.filter(s => !availableScopes.includes(s));
+            if (invalidScopes.length > 0) {
+                console.error(`❌ Invalid scopes: ${invalidScopes.join(', ')}`);
+                console.log(`\nAvailable scopes for ${selectedIntegration.name}:`);
+                availableScopes.forEach(s => console.log(`  - ${s}`));
+                process.exit(1);
+            }
+            selectedScopes = requestedScopes;
+            writeInfo(`Using ${selectedScopes.length} specified scope(s)`);
+        }
+    }
+    else {
+        // Interactive: prompt for scope selection
+        const scopeAnswer = await safePrompt([{
+                type: 'checkbox',
+                name: 'scopes',
+                message: 'Select new OAuth scopes (Space to toggle, Enter to confirm, leave empty for all):',
+                pageSize: 15,
+                loop: false,
+                choices: selectedIntegration.oauthScopes.map(s => {
+                    // Use friendly label if available, otherwise fall back to technical name
+                    const displayName = s.friendlyLabel || s.unifiedScope;
+                    const description = s.friendlyDescription
+                        ? `  (${s.friendlyDescription})`
+                        : `  →  [${s.originalScopes.join(', ')}]`;
+                    return {
+                        name: `${displayName}${description}`,
+                        value: s.unifiedScope,
+                        checked: false
+                    };
+                })
+            }]);
+        if (!scopeAnswer)
+            return;
+        selectedScopes = scopeAnswer.scopes.length > 0
+            ? scopeAnswer.scopes
+            : availableScopes;
+        console.log(`\n✓ Will request ${selectedScopes.length} scope(s)`);
+    }
+    // Determine hide_sensitive setting
+    let hideSensitive = true; // Default to true
+    if (options.hideSensitive !== undefined) {
+        hideSensitive = options.hideSensitive;
+    }
+    else {
+        // Interactive: ask user
+        const sensitiveAnswer = await safePrompt([{
+                type: 'confirm',
+                name: 'hide',
+                message: 'Hide sensitive data from MCP tools? (recommended for security)',
+                default: true
+            }]);
+        if (sensitiveAnswer) {
+            hideSensitive = sensitiveAnswer.hide;
+        }
+    }
+    // Step 5: Fetch existing triggers before deletion (so we can re-create them)
+    let existingTriggers = [];
+    try {
+        const webhooksResult = await context.unifiedToApi.getWebhookSubscriptions(context.agentId);
+        if (webhooksResult.success && webhooksResult.data && webhooksResult.data.length > 0) {
+            // Filter webhooks to only those belonging to this connection
+            const connectionWebhooks = webhooksResult.data.filter(w => w.connectionId === selectedConnection.id);
+            existingTriggers = connectionWebhooks.map(w => ({
+                objectType: w.objectType,
+                event: w.event,
+                hookUrl: w.hookUrl,
+                interval: w.interval,
+            }));
+            if (existingTriggers.length > 0) {
+                writeInfo(`Found ${existingTriggers.length} existing trigger(s) - will restore after update`);
+            }
+        }
+    }
+    catch (error) {
+        // If we can't fetch existing triggers, continue without them
+    }
+    // Step 6: Confirm the update
+    if (!options.integration) {
+        const confirmAnswer = await safePrompt([
+            {
+                type: 'confirm',
+                name: 'confirm',
+                message: `Update ${selectedIntegration.name}? This will re-authorize with new scopes.`,
+                default: true
+            }
+        ]);
+        if (!confirmAnswer?.confirm) {
+            console.log("\n❌ Cancelled.\n");
+            return;
+        }
+    }
+    // Step 7: Delete the old connection (silently)
+    writeProgress(`🔄 Updating ${selectedIntegration.name}...`);
+    try {
+        // Clean up old MCP server
+        const mcpServers = await context.developerApi.getMCPServers();
+        if (mcpServers.success && mcpServers.data) {
+            const associatedServer = mcpServers.data.find(s => s.source === 'unifiedto' && s.url?.includes(`connection=${selectedConnection.id}`));
+            if (associatedServer) {
+                await context.developerApi.deleteMCPServer(associatedServer.id);
+            }
+        }
+        // Delete old connection (this also deletes associated webhooks in Unified.to)
+        await context.unifiedToApi.deleteConnection(selectedConnection.id, context.agentId);
+    }
+    catch (error) {
+        writeError(`❌ Failed to remove old connection: ${error.message}`);
+        return;
+    }
+    // Step 8: Create new connection with new scopes
+    const state = Buffer.from(JSON.stringify({
+        agentId: context.agentId,
+        integration: selectedIntegration.value,
+        authMethod: 'oauth',
+        timestamp: Date.now()
+    })).toString('base64');
+    const externalXref = JSON.stringify({
+        agentId: context.agentId,
+        userId: context.userId,
+    });
+    const authUrlResult = await context.unifiedToApi.getAuthUrl(selectedIntegration.value, {
+        successRedirect: CALLBACK_URL,
+        failureRedirect: `${CALLBACK_URL}?error=auth_failed`,
+        scopes: selectedScopes,
+        state,
+        externalXref,
+    });
+    if (!authUrlResult.success || !authUrlResult.data) {
+        writeError(`❌ Failed to get authorization URL: ${authUrlResult.error?.message || 'Unknown error'}`);
+        return;
+    }
+    const authUrl = authUrlResult.data.authUrl;
+    // Pre-fetch to handle redirects
+    let finalAuthUrl = authUrl;
+    try {
+        const response = await fetch(authUrl);
+        const responseText = await response.text();
+        if (responseText.includes('test.html?redirect=')) {
+            const urlMatch = responseText.match(/redirect=([^&\s]+)/);
+            if (urlMatch) {
+                finalAuthUrl = decodeURIComponent(urlMatch[1]);
+            }
+        }
+        else if (responseText.startsWith('https://')) {
+            finalAuthUrl = responseText.trim();
+        }
+    }
+    catch (error) {
+        // Use original auth URL if pre-fetch fails
+    }
+    // Step 9: Open browser and wait for callback
+    console.log("\n" + "─".repeat(60));
+    console.log("🌐 Re-authorizing with new scopes...");
+    console.log("─".repeat(60));
+    console.log(`\n📋 Authorization URL (copy if browser doesn't open):\n   ${finalAuthUrl}\n`);
+    const callbackPromise = startCallbackServer(300000);
+    try {
+        await open(finalAuthUrl);
+        writeInfo("🌐 Browser opened - please complete the authorization");
+    }
+    catch (error) {
+        writeInfo("💡 Could not open browser automatically. Please open the URL above manually.");
+    }
+    console.log("\n⏳ Waiting for authorization (5 minute timeout)...");
+    console.log("💡 Complete the authorization in your browser.\n");
+    const result = await callbackPromise;
+    if (result.success && result.connectionId) {
+        writeSuccess("\n✅ Authorization successful!");
+        // Check if any triggers use custom webhooks
+        const hasCustomWebhook = existingTriggers.some(t => t.hookUrl !== AGENT_WEBHOOK_URL);
+        // Convert existing triggers to TriggerWithSettings format, preserving per-trigger hookUrl and interval
+        let triggersToRestore = [];
+        if (existingTriggers.length > 0) {
+            try {
+                const eventsResult = await context.unifiedToApi.getAvailableWebhookEventsByType(selectedIntegration.value);
+                if (eventsResult.success && eventsResult.data) {
+                    for (const trigger of existingTriggers) {
+                        const matchingEvent = eventsResult.data.find(e => e.objectType === trigger.objectType && e.event === trigger.event);
+                        if (matchingEvent) {
+                            // Preserve per-trigger hookUrl and interval from original webhook
+                            triggersToRestore.push({
+                                ...matchingEvent,
+                                hookUrl: trigger.hookUrl,
+                                interval: trigger.interval,
+                            });
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                // If we can't match triggers, continue without them
+            }
+        }
+        await finalizeConnection(context, selectedIntegration, result.connectionId, selectedScopes, hideSensitive, {
+            triggers: triggersToRestore,
+            webhookUrl: AGENT_WEBHOOK_URL, // Default, but per-trigger hookUrl will override if set
+            isCustomWebhook: hasCustomWebhook,
+        });
+        if (triggersToRestore.length > 0) {
+            writeSuccess(`Restored ${triggersToRestore.length} trigger(s) from previous connection`);
+        }
+    }
+    else {
+        writeError(`\n❌ Authorization failed: ${result.error || 'Unknown error'}`);
+        console.log("💡 The old connection was removed. Please reconnect with 'lua integrations connect'\n");
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Webhook Subscription Flows
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Handle webhooks subcommand (non-interactive)
+ */
+async function webhooksSubcommand(context, cmdOptions) {
+    const subAction = cmdOptions?._?.[0]?.toLowerCase() || '';
+    const options = {
+        connectionId: cmdOptions?.connection || cmdOptions?.connectionId,
+        webhookId: cmdOptions?.webhookId,
+        objectType: cmdOptions?.object,
+        event: cmdOptions?.event,
+        hookUrl: cmdOptions?.hookUrl,
+        interval: cmdOptions?.interval ? parseInt(cmdOptions.interval, 10) : undefined,
+        integration: cmdOptions?.integration,
+    };
+    const jsonOutput = cmdOptions?.json === true;
+    switch (subAction) {
+        case 'list':
+            await webhooksListFlow(context, jsonOutput);
+            break;
+        case 'create':
+            await webhooksCreateFlow(context, options);
+            break;
+        case 'delete':
+            if (!options.webhookId) {
+                console.error("❌ --webhook-id is required for delete");
+                console.log("\n💡 Run 'lua integrations webhooks list' to see trigger IDs");
+                process.exit(1);
+            }
+            await webhooksDeleteFlow(context, options.webhookId);
+            break;
+        case 'events':
+            // New: List available webhook events for a connection or integration type
+            await webhooksEventsFlow(context, options, jsonOutput);
+            break;
+        default:
+            console.error(`❌ Invalid webhooks action: "${subAction || '(none)'}"`);
+            console.log('\nUsage:');
+            console.log('  lua integrations webhooks list                              List triggers');
+            console.log('  lua integrations webhooks events --connection <id>          List available events for a connection');
+            console.log('  lua integrations webhooks events --integration <type>       List available events for an integration');
+            console.log('  lua integrations webhooks create                            Create trigger (interactive)');
+            console.log('  lua integrations webhooks create --connection <id> --object <type> --event <event> --hook-url <url>');
+            console.log('  lua integrations webhooks delete --webhook-id <id>          Delete trigger');
+            process.exit(1);
+    }
+}
+/**
+ * Show available webhook events for a connection or integration type
+ * Used for non-interactive discovery
+ */
+async function webhooksEventsFlow(context, options, jsonOutput = false) {
+    try {
+        let webhookEvents = [];
+        let sourceName = '';
+        if (options.connectionId) {
+            // Get events by connection ID
+            const eventsResult = await context.unifiedToApi.getAvailableWebhookEvents(context.agentId, options.connectionId);
+            if (eventsResult.success && eventsResult.data) {
+                webhookEvents = eventsResult.data;
+            }
+            sourceName = `connection ${options.connectionId}`;
+        }
+        else if (options.integration) {
+            // Get events by integration type
+            const eventsResult = await context.unifiedToApi.getAvailableWebhookEventsByType(options.integration);
+            if (eventsResult.success && eventsResult.data) {
+                webhookEvents = eventsResult.data;
+            }
+            sourceName = `integration ${options.integration}`;
+        }
+        else {
+            if (jsonOutput) {
+                console.log(JSON.stringify({ error: 'Either --connection or --integration is required' }));
+            }
+            else {
+                console.error("❌ Either --connection <id> or --integration <type> is required");
+                console.log("\nUsage:");
+                console.log("  lua integrations webhooks events --connection <id>");
+                console.log("  lua integrations webhooks events --integration <type>");
+            }
+            process.exit(1);
+        }
+        if (jsonOutput) {
+            const output = {
+                source: sourceName,
+                events: webhookEvents.map(e => ({
+                    trigger: `${e.objectType}.${e.event}`,
+                    objectType: e.objectType,
+                    event: e.event,
+                    webhookType: e.webhookType,
+                    friendlyLabel: e.friendlyLabel,
+                    friendlyDescription: e.friendlyDescription,
+                    availableFilters: e.availableFilters,
+                })),
+                defaults: {
+                    agentWebhookUrl: AGENT_WEBHOOK_URL,
+                    defaultVirtualInterval: DEFAULT_VIRTUAL_WEBHOOK_INTERVAL,
+                },
+            };
+            console.log(JSON.stringify(output, null, 2));
+        }
+        else {
+            console.log("\n" + "=".repeat(60));
+            console.log(`📡 Available Trigger Events for ${sourceName}`);
+            console.log("=".repeat(60) + "\n");
+            if (webhookEvents.length === 0) {
+                console.log("ℹ️  No trigger events available for this integration.\n");
+            }
+            else {
+                webhookEvents.forEach(e => {
+                    console.log(`  ${e.objectType}.${e.event} [${e.webhookType}]`);
+                    console.log(`    ${e.friendlyDescription}`);
+                    if (e.availableFilters.length > 0) {
+                        console.log(`    Filters: ${e.availableFilters.join(', ')}`);
+                    }
+                    console.log();
+                });
+                console.log("─".repeat(60));
+                console.log(`Total: ${webhookEvents.length} event(s) available`);
+                console.log("\n💡 Use with --triggers flag:");
+                const exampleTriggers = webhookEvents.slice(0, 2).map(e => `${e.objectType}.${e.event}`).join(',');
+                console.log(`   lua integrations connect --integration <type> --triggers ${exampleTriggers}\n`);
+            }
+        }
+    }
+    catch (error) {
+        if (jsonOutput) {
+            console.log(JSON.stringify({ error: error.message }));
+        }
+        else {
+            writeError(`❌ Failed to get trigger events: ${error.message}`);
+        }
+        process.exit(1);
+    }
+}
+/**
+ * Interactive webhooks menu
+ */
+async function webhooksInteractiveMenu(context) {
+    console.log("\n" + "─".repeat(60));
+    console.log("🔔 Triggers");
+    console.log("─".repeat(60) + "\n");
+    const actionAnswer = await safePrompt([
+        {
+            type: 'list',
+            name: 'action',
+            message: 'What would you like to do?',
+            choices: [
+                { name: '📋 List triggers', value: 'list' },
+                { name: '➕ Create new subscription', value: 'create' },
+                { name: '🗑️  Delete subscription', value: 'delete' },
+                { name: '← Back', value: 'back' }
+            ]
+        }
+    ]);
+    if (!actionAnswer || actionAnswer.action === 'back')
+        return;
+    switch (actionAnswer.action) {
+        case 'list':
+            await webhooksListFlow(context);
+            break;
+        case 'create':
+            await webhooksCreateFlow(context, {});
+            break;
+        case 'delete':
+            await webhooksDeleteInteractive(context);
+            break;
+    }
+}
+/**
+ * List all webhook subscriptions
+ */
+async function webhooksListFlow(context, jsonOutput = false) {
+    writeProgress("🔄 Loading triggers...");
+    try {
+        const result = await context.unifiedToApi.getWebhookSubscriptions(context.agentId);
+        if (!result.success) {
+            if (jsonOutput) {
+                console.log(JSON.stringify({ error: result.error?.message || 'Failed to load triggers' }));
+            }
+            else {
+                writeError(`❌ Failed to load triggers: ${result.error?.message}`);
+            }
+            return;
+        }
+        const webhooks = result.data || [];
+        if (jsonOutput) {
+            // Output as JSON for scripting
+            console.log(JSON.stringify({
+                triggers: webhooks.map(wh => ({
+                    id: wh.id,
+                    integrationType: wh.integrationType,
+                    objectType: wh.objectType,
+                    event: wh.event,
+                    webhookType: wh.webhookType,
+                    hookUrl: wh.hookUrl,
+                    status: wh.status,
+                    interval: wh.interval,
+                    connectionId: wh.connectionId,
+                })),
+                total: webhooks.length,
+            }, null, 2));
+            return;
+        }
+        console.log("\n" + "─".repeat(60));
+        console.log("⚡ Triggers / Webhook Subscriptions");
+        console.log("─".repeat(60) + "\n");
+        if (webhooks.length === 0) {
+            console.log("ℹ️  No triggers configured yet.\n");
+            console.log("💡 Add triggers when connecting: lua integrations connect --triggers <events>");
+            console.log("   Or manually: lua integrations webhooks create\n");
+            return;
+        }
+        // Group by integration
+        const byIntegration = new Map();
+        for (const wh of webhooks) {
+            const key = wh.integrationType;
+            if (!byIntegration.has(key))
+                byIntegration.set(key, []);
+            byIntegration.get(key).push(wh);
+        }
+        for (const [integration, integrationWebhooks] of byIntegration) {
+            console.log(`📦 ${integration}`);
+            for (const wh of integrationWebhooks) {
+                const statusIcon = wh.status === 'active' ? '✅' : '⚪';
+                const typeLabel = wh.webhookType === 'native' ? 'push' : 'poll';
+                const isAgentTrigger = wh.hookUrl.includes('webhook/unifiedto');
+                const mode = isAgentTrigger ? 'agent trigger' : 'custom URL';
+                // Show webhook ID for delete operations
+                console.log(`   ${statusIcon} ${wh.objectType}.${wh.event} (${typeLabel}, ${mode})`);
+                console.log(`      ID: ${wh.id}`);
+                if (!isAgentTrigger) {
+                    console.log(`      URL: ${wh.hookUrl}`);
+                }
+            }
+            console.log();
+        }
+        console.log("─".repeat(60));
+        console.log(`Total: ${webhooks.length} trigger(s)\n`);
+    }
+    catch (error) {
+        if (jsonOutput) {
+            console.log(JSON.stringify({ error: error.message }));
+        }
+        else {
+            writeError(`❌ Error: ${error.message}`);
+        }
+    }
+}
+/**
+ * Create a webhook subscription
+ */
+async function webhooksCreateFlow(context, options) {
+    // Step 1: Fetch connections
+    writeProgress("🔄 Loading connections...");
+    let connections = [];
+    try {
+        const connectionsResult = await context.unifiedToApi.getConnections(context.agentId);
+        if (!connectionsResult.success) {
+            writeError(`❌ Failed to load connections: ${connectionsResult.error?.message}`);
+            return;
+        }
+        connections = connectionsResult.data || [];
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+        return;
+    }
+    if (connections.length === 0) {
+        writeInfo("No connections available.");
+        console.log("💡 Run 'lua integrations connect' to connect an integration first.\n");
+        return;
+    }
+    // Step 2: Select connection
+    let selectedConnection;
+    if (options.connectionId) {
+        selectedConnection = connections.find(c => c.id === options.connectionId);
+        if (!selectedConnection) {
+            console.error(`❌ Connection "${options.connectionId}" not found.`);
+            console.log('\nAvailable connections:');
+            connections.forEach(c => console.log(`  - ${c.id} (${c.integrationName || c.integrationType})`));
+            process.exit(1);
+        }
+    }
+    else {
+        const connectionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'connection',
+                message: 'Select a connection:',
+                choices: connections.map(c => ({
+                    name: `${c.integrationName || c.integrationType} (${c.id.substring(0, 8)}...)`,
+                    value: c
+                }))
+            }
+        ]);
+        if (!connectionAnswer)
+            return;
+        selectedConnection = connectionAnswer.connection;
+    }
+    // Step 3: Get available events for this connection
+    writeProgress("🔄 Loading available events...");
+    let availableEvents = [];
+    try {
+        const eventsResult = await context.unifiedToApi.getAvailableWebhookEvents(context.agentId, selectedConnection.id);
+        if (!eventsResult.success) {
+            writeError(`❌ Failed to load events: ${eventsResult.error?.message}`);
+            return;
+        }
+        availableEvents = eventsResult.data || [];
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+        return;
+    }
+    if (availableEvents.length === 0) {
+        writeInfo(`No trigger events available for ${selectedConnection.integrationName || selectedConnection.integrationType}.`);
+        console.log("💡 This integration may not support triggers.\n");
+        return;
+    }
+    // Step 4: Select event
+    let selectedEvent;
+    if (options.objectType && options.event) {
+        selectedEvent = availableEvents.find(e => e.objectType === options.objectType && e.event === options.event);
+        if (!selectedEvent) {
+            console.error(`❌ Event '${options.objectType}.${options.event}' is not supported.`);
+            console.log(`\nAvailable events for ${selectedConnection.integrationName || selectedConnection.integrationType}:`);
+            availableEvents.forEach(e => console.log(`  - ${e.objectType}.${e.event} [${e.webhookType}]`));
+            process.exit(1);
+        }
+    }
+    else {
+        console.log(`\nAvailable trigger events for ${selectedConnection.integrationName || selectedConnection.integrationType}:\n`);
+        const eventAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'event',
+                message: 'Select an event to subscribe to:',
+                pageSize: 15,
+                choices: availableEvents.map(e => ({
+                    name: `${e.objectTypeDisplay} - ${e.event.charAt(0).toUpperCase() + e.event.slice(1)} [${e.webhookType}]`,
+                    value: e
+                }))
+            }
+        ]);
+        if (!eventAnswer)
+            return;
+        selectedEvent = eventAnswer.event;
+    }
+    // Step 5: Get webhook URL
+    let hookUrl;
+    if (options.hookUrl) {
+        hookUrl = options.hookUrl;
+    }
+    else {
+        const webhookAnswer = await safePrompt([
+            {
+                type: 'input',
+                name: 'hookUrl',
+                message: 'Enter the full webhook URL to receive events:',
+                validate: (input) => {
+                    if (!input.trim())
+                        return 'Webhook URL is required';
+                    try {
+                        new URL(input);
+                        return true;
+                    }
+                    catch {
+                        return 'Enter a valid URL (e.g., https://webhook.heylua.ai/myagent/handler)';
+                    }
+                }
+            }
+        ]);
+        if (!webhookAnswer)
+            return;
+        hookUrl = webhookAnswer.hookUrl.trim();
+    }
+    // Step 6: Get interval for virtual webhooks
+    let interval;
+    const intervalOptions = [
+        { name: '1 hour', value: 60 },
+        { name: '2 hours', value: 120 },
+        { name: '4 hours', value: 240 },
+        { name: '8 hours', value: 480 },
+        { name: '12 hours', value: 720 },
+        { name: '24 hours (1 day)', value: 1440 },
+        { name: '48 hours (2 days)', value: 2880 },
+    ];
+    if (selectedEvent.webhookType === 'virtual') {
+        if (options.interval !== undefined) {
+            interval = options.interval;
+        }
+        else {
+            const intervalAnswer = await safePrompt([
+                {
+                    type: 'list',
+                    name: 'interval',
+                    message: 'Select polling interval:',
+                    choices: intervalOptions,
+                    default: 60,
+                }
+            ]);
+            if (!intervalAnswer)
+                return;
+            interval = intervalAnswer.interval;
+        }
+    }
+    // Helper to format interval display
+    const formatInterval = (minutes) => {
+        const option = intervalOptions.find(o => o.value === minutes);
+        return option ? option.name : `${minutes} minutes`;
+    };
+    // Step 7: Confirmation (interactive only)
+    if (!options.connectionId) {
+        console.log("\n" + "─".repeat(60));
+        console.log("📋 Trigger Summary");
+        console.log("─".repeat(60));
+        console.log(`   Connection: ${selectedConnection.integrationName || selectedConnection.integrationType}`);
+        console.log(`   Event: ${selectedEvent.objectType}.${selectedEvent.event} [${selectedEvent.webhookType}]`);
+        console.log(`   Webhook URL: ${hookUrl}`);
+        if (interval)
+            console.log(`   Interval: ${formatInterval(interval)}`);
+        console.log("─".repeat(60) + "\n");
+        const confirmAnswer = await safePrompt([
+            {
+                type: 'confirm',
+                name: 'confirm',
+                message: 'Create this trigger?',
+                default: true
+            }
+        ]);
+        if (!confirmAnswer?.confirm) {
+            console.log("\n❌ Cancelled.\n");
+            return;
+        }
+    }
+    // Step 8: Create the webhook
+    writeProgress("🔄 Creating trigger...");
+    try {
+        const createResult = await context.unifiedToApi.createWebhookSubscription(context.agentId, {
+            connectionId: selectedConnection.id,
+            objectType: selectedEvent.objectType,
+            event: selectedEvent.event,
+            hookUrl,
+            interval,
+        });
+        if (!createResult.success || !createResult.data) {
+            writeError(`❌ Failed to create trigger: ${createResult.error?.message}`);
+            return;
+        }
+        const webhook = createResult.data;
+        const isAgentTrigger = webhook.hookUrl.includes('webhook/unifiedto');
+        const typeLabel = webhook.webhookType === 'native' ? 'push' : 'polling';
+        console.log("\n" + "─".repeat(60));
+        writeSuccess("✅ Trigger created!");
+        console.log("─".repeat(60));
+        console.log(`   Integration: ${webhook.integrationType}`);
+        console.log(`   Event: ${webhook.objectType}.${webhook.event}`);
+        console.log(`   Type: ${typeLabel}`);
+        console.log(`   Mode: ${isAgentTrigger ? 'Agent wake-up' : 'Custom URL'}`);
+        if (!isAgentTrigger) {
+            console.log(`   URL: ${webhook.hookUrl}`);
+        }
+        if (webhook.interval)
+            console.log(`   Poll interval: ${formatInterval(webhook.interval)}`);
+        console.log(`   Status: ${webhook.status}`);
+        console.log("─".repeat(60) + "\n");
+        if (isAgentTrigger) {
+            console.log("💡 Your agent will now wake up when this event occurs.\n");
+        }
+        else {
+            console.log("💡 Ensure your webhook endpoint is ready to receive events.\n");
+        }
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Delete a webhook subscription (interactive)
+ */
+async function webhooksDeleteInteractive(context) {
+    writeProgress("🔄 Loading triggers...");
+    try {
+        const result = await context.unifiedToApi.getWebhookSubscriptions(context.agentId);
+        if (!result.success) {
+            writeError(`❌ Failed to load triggers: ${result.error?.message}`);
+            return;
+        }
+        const webhooks = result.data || [];
+        if (webhooks.length === 0) {
+            console.log("\nℹ️  No triggers to delete.\n");
+            return;
+        }
+        const webhookAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'webhook',
+                message: 'Select a trigger to delete:',
+                choices: webhooks.map(wh => {
+                    // Show last part of URL for readability
+                    const urlParts = (wh.hookUrl || '').split('/');
+                    const shortUrl = urlParts.length > 3 ? '.../' + urlParts.slice(-2).join('/') : wh.hookUrl || '';
+                    return {
+                        name: `${wh.id.substring(0, 8)}... - ${wh.integrationType} ${wh.objectType}.${wh.event} → ${shortUrl}`,
+                        value: wh.id
+                    };
+                })
+            }
+        ]);
+        if (!webhookAnswer?.webhook)
+            return;
+        const selectedWebhook = webhooks.find(wh => wh.id === webhookAnswer.webhook);
+        const confirmAnswer = await safePrompt([
+            {
+                type: 'confirm',
+                name: 'confirm',
+                message: `Delete trigger for ${selectedWebhook?.objectType}.${selectedWebhook?.event}?`,
+                default: false
+            }
+        ]);
+        if (!confirmAnswer?.confirm) {
+            console.log("\n❌ Cancelled.\n");
+            return;
+        }
+        await webhooksDeleteFlow(context, webhookAnswer.webhook);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Delete a webhook subscription (non-interactive)
+ */
+async function webhooksDeleteFlow(context, webhookId) {
+    writeProgress("🔄 Deleting trigger...");
+    try {
+        const result = await context.unifiedToApi.deleteWebhookSubscription(context.agentId, webhookId);
+        if (result.success) {
+            writeSuccess(`✅ Trigger deleted: ${webhookId}\n`);
+        }
+        else {
+            writeError(`❌ Failed to delete trigger: ${result.error?.message}`);
+        }
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// MCP Server Management
+// ─────────────────────────────────────────────────────────────────────────────
+/**
+ * Handle mcp subcommand (non-interactive entry point)
+ */
+async function mcpSubcommand(context, cmdOptions) {
+    const subAction = cmdOptions?._?.[0]?.toLowerCase() || '';
+    const options = {
+        connectionId: cmdOptions?.connection || cmdOptions?.connectionId,
+    };
+    await mcpManagementFlow(context, options, subAction);
+}
+/**
+ * Main handler for MCP management subcommand
+ */
+async function mcpManagementFlow(context, options, subAction) {
+    // Non-interactive mode
+    if (subAction === 'list') {
+        await mcpListFlow(context);
+        return;
+    }
+    if (subAction === 'activate') {
+        if (!options.connectionId) {
+            writeError("❌ Missing required option: --connection <id>");
+            console.log("\n💡 Use 'lua integrations mcp list' to see available connection IDs.\n");
+            return;
+        }
+        await mcpActivateFlow(context, options.connectionId);
+        return;
+    }
+    if (subAction === 'deactivate') {
+        if (!options.connectionId) {
+            writeError("❌ Missing required option: --connection <id>");
+            console.log("\n💡 Use 'lua integrations mcp list' to see available connection IDs.\n");
+            return;
+        }
+        await mcpDeactivateFlow(context, options.connectionId);
+        return;
+    }
+    // Interactive mode
+    const actionAnswer = await safePrompt([
+        {
+            type: 'list',
+            name: 'action',
+            message: 'What would you like to do?',
+            choices: [
+                { name: '📋 List connections with MCP status', value: 'list' },
+                { name: '✅ Activate MCP server for a connection', value: 'activate' },
+                { name: '⏸️  Deactivate MCP server for a connection', value: 'deactivate' },
+                { name: '← Back', value: 'back' }
+            ]
+        }
+    ]);
+    if (!actionAnswer || actionAnswer.action === 'back')
+        return;
+    switch (actionAnswer.action) {
+        case 'list':
+            await mcpListFlow(context);
+            break;
+        case 'activate':
+            await mcpActivateInteractive(context);
+            break;
+        case 'deactivate':
+            await mcpDeactivateInteractive(context);
+            break;
+    }
+}
+/**
+ * List all connections with their MCP server status
+ */
+async function mcpListFlow(context) {
+    writeProgress("🔄 Loading connections and MCP servers...");
+    try {
+        const [connectionsResult, mcpServers] = await Promise.all([
+            context.unifiedToApi.getConnections(context.agentId),
+            fetchServersCore(context)
+        ]);
+        if (!connectionsResult.success) {
+            writeError(`❌ Failed to load connections: ${connectionsResult.error?.message}`);
+            return;
+        }
+        if (!mcpServers)
+            return;
+        const connections = connectionsResult.data || [];
+        const unifiedServers = mcpServers.filter(s => s.source === 'unifiedto');
+        // Map connection IDs to MCP servers
+        const serverByConnectionId = new Map();
+        for (const server of unifiedServers) {
+            const connectionMatch = server.url?.match(/connection=([a-f0-9]+)/i);
+            if (connectionMatch) {
+                serverByConnectionId.set(connectionMatch[1], server);
+            }
+        }
+        console.log("\n" + "─".repeat(80));
+        console.log("🔌 MCP Servers for Connections");
+        console.log("─".repeat(80) + "\n");
+        if (connections.length === 0) {
+            console.log("ℹ️  No connections found.\n");
+            console.log("💡 Connect an integration with: lua integrations connect\n");
+            return;
+        }
+        for (const conn of connections) {
+            const mcpServer = serverByConnectionId.get(conn.id);
+            const status = mcpServer?.active ? '✅ active' : '⏸️  inactive';
+            const serverName = mcpServer?.name || 'Not found';
+            console.log(`  Connection: ${conn.id}`);
+            console.log(`  Integration: ${conn.integrationName || conn.integrationType}`);
+            console.log(`  MCP Server: ${serverName}`);
+            console.log(`  Status: ${status}`);
+            console.log("─".repeat(80));
+        }
+        console.log(`\nTotal: ${connections.length} connection(s)`);
+        console.log("\n💡 Use --connection <id> with 'activate' or 'deactivate' commands.\n");
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Activate MCP server for a connection (non-interactive)
+ */
+async function mcpActivateFlow(context, connectionId) {
+    writeProgress("🔄 Finding MCP server for connection...");
+    try {
+        const mcpServers = await fetchServersCore(context);
+        if (!mcpServers)
+            return;
+        const mcpServer = mcpServers.find(s => s.source === 'unifiedto' && s.url?.includes(`connection=${connectionId}`));
+        if (!mcpServer) {
+            writeError(`❌ No MCP server found for connection: ${connectionId}`);
+            console.log("\n💡 Make sure the connection exists. Use 'lua integrations list' to check.\n");
+            return;
+        }
+        await activateServerCore(context, mcpServer);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Deactivate MCP server for a connection (non-interactive)
+ */
+async function mcpDeactivateFlow(context, connectionId) {
+    writeProgress("🔄 Finding MCP server for connection...");
+    try {
+        const mcpServers = await fetchServersCore(context);
+        if (!mcpServers)
+            return;
+        const mcpServer = mcpServers.find(s => s.source === 'unifiedto' && s.url?.includes(`connection=${connectionId}`));
+        if (!mcpServer) {
+            writeError(`❌ No MCP server found for connection: ${connectionId}`);
+            console.log("\n💡 Make sure the connection exists. Use 'lua integrations list' to check.\n");
+            return;
+        }
+        await deactivateServerCore(context, mcpServer);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Interactive flow for activating MCP server
+ */
+async function mcpActivateInteractive(context) {
+    writeProgress("🔄 Loading connections...");
+    try {
+        const [connectionsResult, mcpServers] = await Promise.all([
+            context.unifiedToApi.getConnections(context.agentId),
+            fetchServersCore(context)
+        ]);
+        if (!connectionsResult.success) {
+            writeError(`❌ Failed to load connections: ${connectionsResult.error?.message}`);
+            return;
+        }
+        if (!mcpServers)
+            return;
+        const connections = connectionsResult.data || [];
+        // Map connection IDs to MCP servers
+        const serverByConnectionId = new Map();
+        for (const server of mcpServers) {
+            if (server.source === 'unifiedto') {
+                const connectionMatch = server.url?.match(/connection=([a-f0-9]+)/i);
+                if (connectionMatch) {
+                    serverByConnectionId.set(connectionMatch[1], server);
+                }
+            }
+        }
+        // Filter to show only inactive MCP servers
+        const inactiveConnections = connections.filter(conn => {
+            const server = serverByConnectionId.get(conn.id);
+            return server && !server.active;
+        });
+        if (inactiveConnections.length === 0) {
+            writeInfo("ℹ️  All MCP servers are already active (or no connections found).\n");
+            return;
+        }
+        const connectionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'connectionId',
+                message: 'Select a connection to activate MCP:',
+                choices: inactiveConnections.map(conn => ({
+                    name: `${conn.integrationName || conn.integrationType} (${conn.id.substring(0, 12)}...)`,
+                    value: conn.id
+                }))
+            }
+        ]);
+        if (!connectionAnswer)
+            return;
+        await mcpActivateFlow(context, connectionAnswer.connectionId);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+/**
+ * Interactive flow for deactivating MCP server
+ */
+async function mcpDeactivateInteractive(context) {
+    writeProgress("🔄 Loading connections...");
+    try {
+        const [connectionsResult, mcpServers] = await Promise.all([
+            context.unifiedToApi.getConnections(context.agentId),
+            fetchServersCore(context)
+        ]);
+        if (!connectionsResult.success) {
+            writeError(`❌ Failed to load connections: ${connectionsResult.error?.message}`);
+            return;
+        }
+        if (!mcpServers)
+            return;
+        const connections = connectionsResult.data || [];
+        // Map connection IDs to MCP servers
+        const serverByConnectionId = new Map();
+        for (const server of mcpServers) {
+            if (server.source === 'unifiedto') {
+                const connectionMatch = server.url?.match(/connection=([a-f0-9]+)/i);
+                if (connectionMatch) {
+                    serverByConnectionId.set(connectionMatch[1], server);
+                }
+            }
+        }
+        // Filter to show only active MCP servers
+        const activeConnections = connections.filter(conn => {
+            const server = serverByConnectionId.get(conn.id);
+            return server && server.active;
+        });
+        if (activeConnections.length === 0) {
+            writeInfo("ℹ️  No active MCP servers found to deactivate.\n");
+            return;
+        }
+        const connectionAnswer = await safePrompt([
+            {
+                type: 'list',
+                name: 'connectionId',
+                message: 'Select a connection to deactivate MCP:',
+                choices: activeConnections.map(conn => ({
+                    name: `${conn.integrationName || conn.integrationType} (${conn.id.substring(0, 12)}...)`,
+                    value: conn.id
+                }))
+            }
+        ]);
+        if (!connectionAnswer)
+            return;
+        await mcpDeactivateFlow(context, connectionAnswer.connectionId);
+    }
+    catch (error) {
+        writeError(`❌ Error: ${error.message}`);
+    }
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// Help
+// ─────────────────────────────────────────────────────────────────────────────
+function showUsage() {
+    console.log('\nUsage:');
+    console.log('  lua integrations                              Interactive integration management');
+    console.log('  lua integrations connect                      Connect a new integration (interactive)');
+    console.log('  lua integrations connect --integration <type> Connect a specific integration');
+    console.log('  lua integrations connect --integration <type> --triggers <events>  Connect with triggers');
+    console.log('  lua integrations update                       Update connection scopes (interactive)');
+    console.log('  lua integrations update --integration <type>  Update scopes for a specific integration');
+    console.log('  lua integrations list                         List connected integrations');
+    console.log('  lua integrations available                    List available integrations');
+    console.log('  lua integrations info <type>                  Show integration details (scopes, triggers)');
+    console.log('  lua integrations info <type> --json           Output as JSON for scripting');
+    console.log('  lua integrations disconnect --connection-id <id>  Disconnect an integration');
+    console.log('\nTriggers:');
+    console.log('  lua integrations webhooks list                List all triggers');
+    console.log('  lua integrations webhooks events --connection <id>   List available events for a connection');
+    console.log('  lua integrations webhooks events --integration <type> List available events for an integration');
+    console.log('  lua integrations webhooks create              Create trigger (interactive)');
+    console.log('  lua integrations webhooks create --connection <id> --object <type> --event <event> --hook-url <url>');
+    console.log('  lua integrations webhooks delete --webhook-id <id>  Delete a trigger');
+    console.log('\nMCP Server Management:');
+    console.log('  lua integrations mcp list                     List connections with MCP status');
+    console.log('  lua integrations mcp activate --connection <id>   Activate MCP server');
+    console.log('  lua integrations mcp deactivate --connection <id> Deactivate MCP server');
+    console.log('\nTrigger Options (use with connect):');
+    console.log('  --triggers <events>       Comma-separated triggers (e.g., task_task.created,task_task.updated)');
+    console.log('  --custom-webhook          Use custom URL instead of agent trigger');
+    console.log('  --hook-url <url>          Custom URL for triggers');
+}
+//# sourceMappingURL=integrations.js.map